Merry Malware: How to Avoid Holiday Phishing Scams

Phishing scams are a menace. According to the Verizon 2015 Data Breach Investigations Report, at least one in 10 people fall for phishing attacks. This rate of success spells trouble for businesses. Indeed, a report issued by the Ponemon Institute in August of this year found that the average organization could potentially spend up to $3.7 million annually in responding to phishing attacks. 48 percent of these costs are related to a loss in employee productivity, whereas over a quarter (27 percent) pertain to compromised credentials. But consumers are not safe from phishing attacks, either. Mobile banking trojans like Android.Fakelogin and scammers impersonating online travel agencies like Hotels.com and Travelocity are already targeting users for their login credentials. Once they have successfully stolen a set of usernames and passwords, the attackers can use them to compromise consumers' financial, personal and/or medical information. With these threats in mind, businesses and consumers alike need to stay especially alert around this time of year. During the holiday season, inboxes everywhere are flooded with e-cards and messages from relatives, friends and well-wishers. The majority of these are genuine expressions of good tidings. Unfortunately, some of these emails may include links to phishing pages or nefarious software.

"Around the holidays, a very common ploy for cyber criminals is to send fake e-greeting cards with malicious files attached,” said Craig Young, security researcher at Tripwire. “It’s easy for busy, distracted consumers to become victims of these schemes."

Consumers are generally on the lookout for two things leading up to the New Year: convenience and sales. Attackers understand this mindset and exploit it by tricking people, including business employees who might be doing some last-minute shopping themselves, into clicking on suspicious links or email attachments. Falling victim to a phishing attack could seriously dampen one's holiday cheer. However, while there is no way to eliminate the possibility of being victimized, there are a few best security practices that consumers and business employees can follow to greatly reduce their chances. Young recommends that users take the following precautions during the holiday season:

1. Ignore and delete messages with poor grammar or formatting, particularly ones that include file attachments or links, as these are indicative of phishing or spam emails. Also be suspicious of emails that are missing names or use nondescript greetings, such as “Dear Mom and Dad.”
2. Never open emails from unknown addresses with undisclosed recipients, especially if the message contains attachments.
3. If you receive an e-greeting card, consider calling the sender first to confirm if they sent one, and if they didn’t, don’t open it.
4. Always run anti-virus software and keep the signatures up-to-date. If you click on something inappropriate, anti-virus software may prevent a malware infection.
5. Apple devices aren’t immune to malware or phishing. As the number of Apple users has continued to grow, there has been a corresponding increase in malicious software targeting OS X platforms. Apple users should therefore consider installing an anti-virus solution on their devices.

“Many people look forward to connecting with friends and family during the holidays, and cyber criminals take advantage of that,” said Young. “Consumers who take basic precautions are far less likely to be victimized during the busy holiday season.”

For more information on how you can spot a phishing scam and avoid becoming a victim this holiday season, please click here. _{Title image courtesy of ShutterStock}